New submission from Dustin Oprea: I am trying to do an authenticated-SSL request to an Nginx server using *requests*, which wraps urllib2/httplib. It's worked perfectly for months until Friday on my local system (Mac 10.9.5), and there have been no upgrades/patches.
My Python 2.7.6 client fails when connecting to Nginx, locally. I get a 400, with this: <html> <head><title>400 No required SSL certificate was sent</title></head> <body bgcolor="white"> <center><h1>400 Bad Request</h1></center> <center>No required SSL certificate was sent</center> <hr><center>nginx/1.4.6 (Ubuntu)</center> </body> </html> This is an example that uses urllib2/httplib, directly: import urllib2 import httplib cert_filepath = '/var/lib/rt_data/ssl/rt.crt.pem' key_filepath = '/var/lib/rt_data/ssl/rt.private_key.pem' url = 'https://deploy_api.local:8443/auth/admin/1/hosts' class HTTPSClientAuthHandler(urllib2.HTTPSHandler): """Wrapper to allow for authenticated SSL connections.""" def __init__(self, key, cert): urllib2.HTTPSHandler.__init__(self) self.key = key self.cert = cert def https_open(self, req): # Rather than pass in a reference to a connection class, we pass in # a reference to a function which, for all intents and purposes, # will behave as a constructor return self.do_open(self.getConnection, req) def getConnection(self, host, timeout=300): return httplib.HTTPSConnection(host, key_file=self.key, cert_file=self.cert) opener = urllib2.build_opener(HTTPSClientAuthHandler(key_filepath, cert_filepath)) response = opener.open(url) response_data = response.read() print(response_data) These are the factors: - It works when connecting to the remote server. Both local and remote are Nginx with similar configs. - cURL works perfectly: curl -s -v -X GET -k --cert /var/lib/rt_data/ssl/rt.crt.pem --key /var/lib/rt_data/ssl/rt.private_key.pem https://server.local:8443/auth/admin/1/hosts - I've tried under Vagrant with Ubuntu 12.04 (2.7.3) and 14.04 (2.7.6). No difference. - It works with Python 3.4 on the local system. This only has only affected 2.7 very suddenly. Due to the error-message above, it seems like there's a break down in sending the certificate/key. I have no idea what's going on, and this has caused me a fair amount of distress. Can you provide me a direction? ---------- components: Library (Lib) messages: 230934 nosy: Dustin.Oprea priority: normal severity: normal status: open title: urllib2/httplib is rendering 400s for every authenticated-SSL request, suddenly type: behavior versions: Python 2.7 _______________________________________ Python tracker <[email protected]> <http://bugs.python.org/issue22835> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
